WhatsApp and Telegram apps that steal cryptocurrencies are rising
Cybersecurity companies have detected the first instances of clipper malware embedded in instant messaging applications. A clipper is malware that can retrieve information from the clipboard.
Threat actors use fake websites to get users to download Telegram and WhatsApp applications, modified to include Trojan horses, onto their Android and Windows devices. Through these fake apps, they can track victims' cryptocurrencies. The malware can replace cryptocurrency wallet addresses that the victim sends from the chat application with addresses belonging to the attacker. They can also abuse optical character recognition to extract text from the display clipboard and steal account recovery codes for the cryptocurrency wallet.
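A defensive check for the address substitution described above, as an added example that is not code from the researchers or from either app: it compares a message as the sender composed it with the text the recipient actually received (obtained over a separate channel) and reports any wallet address that changed. The address patterns, function names and sample messages are assumptions; the article does not say which coins are targeted.

```python
import re

# Address shapes to look for (assumption: the article names no specific coins).
ADDRESS_PATTERNS = {
    "bitcoin-base58": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "bitcoin-bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{11,71}\b"),
    "ethereum": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
}

def extract_addresses(text):
    """Return [(kind, address)] in order of appearance in the text."""
    found = []
    for kind, pattern in ADDRESS_PATTERNS.items():
        for match in pattern.finditer(text):
            found.append((match.start(), kind, match.group()))
    return [(kind, addr) for _, kind, addr in sorted(found)]

def normalise(kind, addr):
    # Ethereum hex is case-insensitive (mixed case is only a checksum),
    # so a pure case change is not a substitution.
    return addr.lower() if kind == "ethereum" else addr

def find_swapped_addresses(composed, delivered):
    """Compare addresses position by position; report every mismatch."""
    sent = extract_addresses(composed)
    received = extract_addresses(delivered)
    findings = []
    for i, (kind, addr) in enumerate(sent):
        if i >= len(received):
            # The address disappeared from the delivered text entirely.
            findings.append({"kind": kind, "sent": addr, "received": None})
            continue
        r_kind, r_addr = received[i]
        if normalise(kind, addr) != normalise(r_kind, r_addr):
            findings.append({"kind": kind, "sent": addr, "received": r_addr})
    return findings

# Constructed sample data: these are not real wallet addresses.
SENDER_ADDR = "0x" + "ab" * 20
OTHER_ADDR = "0x" + "cd" * 20
COMPOSED = f"Please send the payment to {SENDER_ADDR} today."
DELIVERED = f"Please send the payment to {OTHER_ADDR} today."

if __name__ == "__main__":
    for finding in find_swapped_addresses(COMPOSED, DELIVERED):
        print("address changed in transit:", finding)
```

A finding means the two copies of the message disagree about the destination address, which is the visible symptom of a clipper inside the messaging app on either device.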
Scammers are trying to seize cryptocurrency wallets via instant messaging apps
When the language used in the imitation applications was examined, it was revealed that the people behind this software were especially targeting Chinese-speaking users. Since Telegram and WhatsApp have been banned in China since 2015 and 2017, respectively, people who wanted to use these apps had to resort to indirect means. The threat actors in question first set up Google Ads that redirect users to fake YouTube channels, which then redirect them to copycat Telegram and WhatsApp websites. Research companies reported the fake ads and related YouTube channels to Google, and Google immediately discontinued all of these ads and channels.